Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Go to 1.16.10 

go1.16.10 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
misc/wasm directory, and to the net/http package. See the Go 1.16.10 milestone
for details: https://github.com/golang/go/issues?q=milestone%3AGo1.16.10+label%3ACherryPickApproved

From the announcement e-mail:

[security] Go 1.17.3 and Go 1.16.10 are released

We have just released Go versions 1.17.3 and 1.16.10, minor point releases.
These minor releases include two security fixes following the security policy:

- archive/zip: don't panic on (*Reader).Open
  Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made
  to panic by an attacker providing either a crafted ZIP archive containing
  completely invalid names or an empty filename argument.
  Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code
  Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue
  golang.org/issue/48085.
- debug/macho: invalid dynamic symbol table command can cause panic
  Malformed binaries parsed using Open or OpenFat can cause a panic when calling
  ImportedSymbols, due to an out-of-bounds slice operation.
  Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this
  issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e285f15009)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2021-11-05 11:12:54 +01:00
parent b485636f4b
commit 03fa8f92c8
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
6 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -1,7 +1,7 @@
# syntax=docker/dockerfile:1.3
ARG BASE_VARIANT=alpine
ARG GO_VERSION=1.16.9
ARG GO_VERSION=1.16.10
ARG XX_VERSION=1.0.0-rc.2
FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} AS gostable

2
appveyor.yml
View File

@ -4,7 +4,7 @@ clone_folder: c:\gopath\src\github.com\docker\cli
environment:
GOPATH: c:\gopath
GOVERSION: 1.16.9
GOVERSION: 1.16.10
DEPVERSION: v0.4.1
install:

2
dockerfiles/Dockerfile.binary-native
View File

@ -1,4 +1,4 @@
ARG GO_VERSION=1.16.9
ARG GO_VERSION=1.16.10
FROM golang:${GO_VERSION}-alpine

2
dockerfiles/Dockerfile.dev
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1.3
ARG GO_VERSION=1.16.9
ARG GO_VERSION=1.16.10
FROM golang:${GO_VERSION}-alpine AS golang
ENV CGO_ENABLED=0

2
dockerfiles/Dockerfile.e2e
View File

@ -1,4 +1,4 @@
ARG GO_VERSION=1.16.9
ARG GO_VERSION=1.16.10
# Use Debian based image as docker-compose requires glibc.
FROM golang:${GO_VERSION}-buster

2
dockerfiles/Dockerfile.lint
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1.3
ARG GO_VERSION=1.16.9
ARG GO_VERSION=1.16.10
ARG GOLANGCI_LINTER_SHA="v1.21.0"
FROM golang:${GO_VERSION}-alpine AS build